TechSpot

PayPal account hacked 2 times :( Someone in my computer? Please help

By astar78
Feb 12, 2011
    I logged into my unused bank account today and to my dismay it was negative $300.00. I looked through the charges and saw that there was a payment made to PayPal, causing my account to overdraw and keep getting fees added daily. I then went into my PayPal account to see when this had happened, as I had no idea what this charge was for. It was to someone out of the country, a verified account for a woman named Giana Ginna. I have no idea who this is and I didn't authorize such a transaction. I immediately called PayPal and they told me that they would investigate the claim and that they would credit my account if it turned out that in fact these were fraudulent charges. They ended up telling me it takes 14 days for this investigation and that they will not help me with overdraft charges etc. and that it's my bank's responsibility. I got in my car and drove to the bank to speak to them about this. While I was out I stopped to grab something and tried to use my PayPal debit card (where I had just received another payment and had $) and my card was declined. I figured it was because of the dispute, but when I got home and logged into my account to check it out, I found out that the same Giana Ginna had received another payment, supposedly sent by me. I called PayPal again about it and they told me that it too would take an additional 14 days to be credited. They told me that I probably have a keylogger or some type of malware. As you can imagine, I am very upset about this and am not sure what to do.

    I ran my anti-virus and it didn't come up with anything. I am running Windows Vista and using Avast antivirus.

    I hope someone out there can help. I am so lost on what to do.




    ---------------------------------------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5745

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    2/12/2011 12:33:26 AM
    mbam-log-2011-02-12 (00-33-26).txt

    Scan type: Quick scan
    Objects scanned: 172774
    Time elapsed: 4 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ---------------------------------------------------------------------------------------------------


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-02-12 01:24:39
    Windows 6.0.6002 Service Pack 2
    Running: kie9p5cz.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA1 0xF7 0x6E 0x66 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7F 0x1F 0xC3 0x46 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x83 0x43 0x98 0x70 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAF 0x48 0x93 0xE3 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7F 0x1F 0xC3 0x46 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x64 0x97 0x94 0xDD ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAF 0x48 0x93 0xE3 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7F 0x1F 0xC3 0x46 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x64 0x97 0x94 0xDD ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE1 0x71 0xE4 0x9B ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7F 0x1F 0xC3 0x46 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x64 0x97 0x94 0xDD ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE1 0x71 0xE4 0x9B ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7F 0x1F 0xC3 0x46 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x64 0x97 0x94 0xDD ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xD2 0x71 0x26 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7F 0x1F 0xC3 0x46 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x64 0x97 0x94 0xDD ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x18 0xA3 0x22 0xA6 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7F 0x1F 0xC3 0x46 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x64 0x97 0x94 0xDD ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x18 0xA3 0x22 0xA6 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7F 0x1F 0xC3 0x46 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x64 0x97 0x94 0xDD ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x30 0xE1 0xB3 0x6E ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7F 0x1F 0xC3 0x46 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x64 0x97 0x94 0xDD ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2D 0x97 0x13 0xAE ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7F 0x1F 0xC3 0x46 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x83 0x43 0x98 0x70 ...
    Reg HKCU\Software\Microsoft\Windows Live\Companion\latinindustryconnection@live.com@835ca662eb9d4e00a63e4936bf1d9f92\r\n 0xD3 0x1C 0xBC 0x70 ...
    Reg HKCU\Software\Microsoft\Windows Live\Companion\latinindustryconnection@live.com@49c8eff00b90fddbcea727876c4b1eab\r\n 0xDD 0xFE 0x20 0x43 ...
    Reg HKCU\Software\Microsoft\Windows Live\Companion\latinindustryconnection@live.com@104122a03b5bcb00aee4ff8231da0109\r\n 0x02 0xBE 0x79 0xB5 ...
    Reg HKCU\Software\Microsoft\Windows Live\Companion\latinindustryconnection@live.com@e3e530ef3310028136c13a3c43b6af40\r\n 0x87 0xA9 0xCB 0x2D ...

    ---- Files - GMER 1.0.15 ----

    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS161DF.log 0 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS161E0.log 0 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS161E1.log 0 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS161E2.log 0 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS161E3.log 0 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS161E4.log 0 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS161E5.log 0 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS161CC.log 0 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS161DE.log 0 bytes

    ---- EOF - GMER 1.0.15 ----



    ---------------------------------------------------------------------------------------------------



    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Angela Star at 1:24:56.13 on Sat 02/12/2011
    Internet Explorer: 8.0.6001.19019
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7934.5445 [GMT -6:00]

    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k yksvcs
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agr64svc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\MHotKey.exe
    C:\Windows\ChiFuncExt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Yahoo!\Search Protection\searchprotection.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\ooVoo\ooVoo.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Users\Angela Star\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\CNYHKey.exe
    C:\Program Files (x86)\Cyberlink\Power2Go\clmlsvc.exe
    C:\Program Files (x86)\D-Link\Wireless G WUA-1340\airgcfg.exe
    C:\Program Files (x86)\ANI\ANIWZCS2 Service\wzcsldr2.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Windows\v0330mon.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\NCH Swift Sound\Talk\talk.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Angela Star\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0110&m=dx4300
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0110&m=dx4300
    mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0110&m=dx4300
    mWinlogon: Userinit=userinit.exe,
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
    uRun: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
    uRun: [AdobeBridge]
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [HKECU] C:\Users\Angela Star\AppData\Roaming\install\server.exe
    uRun: [HKVLM] C:\Users\ANGELA~1\AppData\Local\Temp\722659_INCG.exe
    uRun: [cdloader] "C:\Users\Angela Star\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [Windows Defender] C:\Users\Angela Star\AppData\Roaming\msmgr.exe
    uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
    mRun: [LchDrvKey] LchDrvKey.exe
    mRun: [LedKey] CNYHKey.exe
    mRun: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
    mRun: [D-Link Wireless G WUA-1340] "C:\Program Files (x86)\D-Link\Wireless G WUA-1340\AirGCFG.exe"
    mRun: [ANIWZCS2Service] "C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
    mRun: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    mRun: [V0330Mon.exe] C:\Windows\v0330mon.exe
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Talk] "C:\Program Files (x86)\NCH Swift Sound\Talk\talk.exe" -logon
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [Fax Machine]
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    StartupFolder: C:\Users\ANGELA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Angela Star\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - C:\Users\Angela Star\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    uASetup: {A2EDB9ED-AEAE-DABC-D429-B8ED5A01E441} - C:\Users\Angela Star\AppData\Roaming\WinDefender.exe
    uASetup: {B44CBCEC-5D48-CA1F-B72D-DCB9EBBAE2AE} - C:\Users\Angela Star\AppData\Roaming\livemsgr.exe
    uASetup: {B6C3CD7F-FEFE-DE0E-2FEE-AFBFED2ECC4D} - C:\Users\Angela Star\AppData\Roaming\WinDefender.exe
    uASetup: {B8CBAF29-0BCA-7AC3-CC3C-FDD228EBD2F2} - C:\Users\Angela Star\AppData\Roaming\livemsgr.exe
    BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-1-17 54480]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-1-16 121936]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-1-16 20048]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-1-16 61008]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-18 40384]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-2-17 1153368]
    R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2008-1-20 27648]
    R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-18 40384]
    R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-18 40384]
    R3 cxpl_mhd;CX23885/8 PCI-E AvStream Video Capture (PalomarMHD);C:\Windows\System32\drivers\y_cx88x.sys [2009-3-23 676992]
    R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-5-24 626176]
    R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\System32\drivers\RTL85n64.sys [2009-4-9 444960]
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-1-8 405504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-2 135664]
    S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-1-17 1038088]
    S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-11 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 V0330VID;WebCam Vista/Live! Cam Chat;C:\Windows\System32\drivers\V0330Vid.sys [2010-1-19 193312]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-4-9 225296]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-1-19 89920]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    =============== File Associations ===============

    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

    =============== Created Last 30 ================

    2011-02-12 05:42:48 -------- d-----w- C:\Users\ANGELA~1\AppData\Roaming\Malwarebytes
    2011-02-12 05:42:26 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-02-12 05:42:26 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-02-12 05:42:21 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-02-12 05:42:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-02-11 16:27:44 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{9624DE09-91FA-4149-8D7C-AFEF3FF769F8}\mpengine.dll
    2011-02-09 17:01:59 1168512 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2011-02-09 17:01:58 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2011-02-09 17:01:58 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-02-09 17:01:57 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2011-02-09 17:01:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-02-08 17:12:50 -------- d-----w- C:\Program Files (x86)\TweetDeck
    2011-02-08 07:29:22 -------- d-----w- C:\Users\ANGELA~1\AppData\Roaming\Uniblue
    2011-02-08 07:28:45 -------- d-----w- C:\Users\ANGELA~1\AppData\Local\PackageAware
    2011-02-06 04:24:31 -------- d-----w- C:\Users\ANGELA~1\AppData\Roaming\ooVoo Details
    2011-02-06 04:24:16 -------- d-----w- C:\Program Files (x86)\ooVoo
    2011-01-27 23:24:00 -------- d-----w- C:\Program Files (x86)\Rosetta Stone
    2011-01-27 23:24:00 -------- d-----w- C:\PROGRA~3\Rosetta Stone
    2011-01-27 21:57:45 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    ==================== Find3M ====================

    2011-01-20 16:46:10 900480 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-20 16:17:15 366592 ----a-w- C:\Windows\System32\winspool.drv
    2011-01-20 16:17:03 625152 ----a-w- C:\Windows\System32\dxgi.dll
    2011-01-20 16:16:53 287232 ----a-w- C:\Windows\System32\d3d10core.dll
    2011-01-20 16:16:52 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2011-01-20 16:16:52 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
    2011-01-20 16:16:52 1268224 ----a-w- C:\Windows\System32\d3d10.dll
    2011-01-20 16:16:47 748544 ----a-w- C:\Windows\System32\stobject.dll
    2011-01-20 16:16:40 47104 ----a-w- C:\Windows\System32\cdd.dll
    2011-01-20 16:16:10 3548672 ----a-w- C:\Windows\System32\mf.dll
    2011-01-20 16:16:08 35840 ----a-w- C:\Windows\System32\printfilterpipelineprxy.dll
    2011-01-20 16:14:49 278528 ----a-w- C:\Windows\System32\mfplat.dll
    2011-01-20 16:14:49 195072 ----a-w- C:\Windows\System32\mfps.dll
    2011-01-20 16:08:16 478720 ----a-w- C:\Windows\SysWow64\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
    2011-01-20 16:07:42 258048 ----a-w- C:\Windows\SysWow64\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- C:\Windows\SysWow64\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- C:\Windows\SysWow64\mf.dll
    2011-01-20 16:04:54 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- C:\Windows\SysWow64\mfplat.dll
    2011-01-20 15:01:50 3068416 ----a-w- C:\Windows\System32\xpsservices.dll
    2011-01-20 15:01:09 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-01-20 14:59:59 1032192 ----a-w- C:\Windows\System32\printfilterpipelinesvc.exe
    2011-01-20 14:58:38 1461760 ----a-w- C:\Windows\System32\OpcServices.dll
    2011-01-20 14:57:44 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-01-20 14:57:28 231936 ----a-w- C:\Windows\System32\XpsRasterService.dll
    2011-01-20 14:42:00 1257984 ----a-w- C:\Windows\System32\MFH264Dec.dll
    2011-01-20 14:41:29 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
    2011-01-20 14:40:17 345088 ----a-w- C:\Windows\System32\mfreadwrite.dll
    2011-01-20 14:40:14 34304 ----a-w- C:\Windows\System32\mfpmp.exe
    2011-01-20 14:40:11 377344 ----a-w- C:\Windows\System32\mfmp4src.dll
    2011-01-20 14:37:06 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
    2011-01-20 14:35:30 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
    2011-01-20 14:28:38 1554432 ----a-w- C:\Windows\SysWow64\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-01-20 14:25:25 847360 ----a-w- C:\Windows\SysWow64\OpcServices.dll
    2011-01-20 14:24:32 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-01-20 14:24:26 135680 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- C:\Windows\SysWow64\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- C:\Windows\SysWow64\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2011-01-20 14:06:15 834048 ----a-w- C:\Windows\System32\d2d1.dll
    2011-01-20 14:02:46 1555968 ----a-w- C:\Windows\System32\DWrite.dll
    2011-01-20 14:02:44 1147904 ----a-w- C:\Windows\System32\FntCache.dll
    2011-01-20 13:47:51 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-01-20 13:44:05 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2010-12-31 14:16:41 2757632 ----a-w- C:\Windows\System32\win32k.sys
    2010-12-28 16:08:18 466944 ----a-w- C:\Windows\System32\odbc32.dll
    2010-12-28 15:55:03 413696 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2010-12-18 06:55:17 1147904 ----a-w- C:\Windows\System32\wininet.dll
    2010-12-18 06:50:55 56832 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-12-18 06:50:36 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
    2010-12-18 06:50:16 77312 ----a-w- C:\Windows\System32\iesetup.dll
    2010-12-18 06:50:16 132096 ----a-w- C:\Windows\System32\iesysprep.dll
    2010-12-18 06:27:04 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-12-18 06:22:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-12-18 06:22:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2010-12-18 06:22:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2010-12-18 06:22:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2010-12-18 05:57:45 479232 ----a-w- C:\Windows\System32\html.iec
    2010-12-18 05:25:26 385024 ----a-w- C:\Windows\SysWow64\html.iec
    2010-12-18 05:16:59 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
    2010-12-18 05:15:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-12-18 04:48:39 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2010-12-18 04:47:11 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-12-14 16:15:49 1251840 ----a-w- C:\Windows\System32\sdclt.exe

    ============= FINISH: 1:25:42.11 ===============



    ---------------------------------------------------------------------------------------------------


    It gave me the DDS.txt log but didn't give me an Attach.txt log.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot!

    I'll try to help with the problem. If someone gained access to your computer and stole your passwords, I can see how this might have happened. So you should have changed all of your passwords immediately. You will also need to continue monitoring any online financial transactions.

    I am puzzled by 2 things though:
    Your bank account was overdrawn. Your PayPal account was in dispute, but because of a deposit into PayPal, you wanted to make a withdrawal? Am I missing something here? Are the bank and PayPal accounts linked? And a Debit card withdraws directly from the account that it's linked to.

    Please search the system for Attach.txt and paste it in the next reply. If DDS ran, it will produce both of the logs. I need the other log. For instance, did you realize that you have Norton Internet Security Suite running? Maybe you used it in the past and changed to Avast. But it needs to be removed:
    Norton Removal Tool

    And what is this Uniblue entry for: 2011-02-08 : C:\Users\ANGELA~1\AppData\Roaming\Uniblue
    If it's their Registry Cleaner, don't use it and I recommend you uninstall it.
    =========================================
    We'll check further and see if anything indicated that your system was accessed. Keep in mind though, that PayPal could have been accessed from the internet.
    ========================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    =================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
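Bobbye reads the DDS log above by eye (the leftover Norton service, the Uniblue folder). As an added example, not from the thread or from the DDS tool, this Python parses the line shapes used in the posted log and lists the entries a helper usually reviews first: services whose image DDS could not verify (`[?]`), toolbar/BHO registrations left as `No File`, and autostart entries launching from a user profile. The sample input is constructed from the log's own line shapes, and every flag is a prompt to check, not a verdict.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the DDS log format (same line shapes as the log posted above).
SAMPLE_DDS = r"""
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uASetup: {A2EDB9ED-AEAE-DABC-D429-B8ED5A01E441} - C:\Users\Angela Star\AppData\Roaming\WinDefender.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-18 40384]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
"""

# Service lines: R = running, S = stopped; the digit is the start type (0 boot .. 4 disabled).
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*) \[([^\]]*)\]$")
# Autostart lines: "key: [Name] path" (mRun) or "key: {GUID} - path" (uASetup).
AUTORUN_RE = re.compile(r"^(uASetup|mRun(?:-x64)?): (?:\[[^\]]*\]|\{[^}]*\}) -? ?(.*)$")
# Browser helper / toolbar registrations: "BHO: Name: {GUID} - path" or "TB: {GUID} - No File".
TOOLBAR_RE = re.compile(r"^(BHO|TB)(?:-X64)?: (?:.*?: )?\{([^}]*)\} - (.*)$")
USER_PROFILE_RE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def parse_service(line: str) -> Optional[Dict[str, str]]:
    """Split one DDS service/driver line into its fields, or None if it is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, desc, image, stamp = m.groups()
    # When DDS shows "command line --> resolved path", keep the resolved path.
    path = image.split("-->")[-1].strip()
    return {"state": state, "start": start, "name": name, "desc": desc,
            "path": path, "stamp": stamp}


def triage(text: str) -> List[str]:
    """Return review notes for entries that usually deserve a second look.

    These are heuristics for where to look first, not malware verdicts.
    """
    notes: List[str] = []
    for line in text.strip().splitlines():
        line = line.strip()
        svc = parse_service(line)
        if svc:
            if svc["stamp"] == "?":
                # DDS could not stat the image file: a leftover or unverified service.
                notes.append(f"unverified service image: {svc['name']} -> {svc['path']}")
            continue
        tb = TOOLBAR_RE.match(line)
        if tb and tb.group(3) == "No File":
            # Registration whose DLL is gone: harmless clutter or an incomplete uninstall.
            notes.append(f"orphaned {tb.group(1)} registration: {{{tb.group(2)}}}")
            continue
        ar = AUTORUN_RE.match(line)
        if ar and USER_PROFILE_RE.match(ar.group(2)):
            # Vendor software normally installs under Program Files, so an autostart
            # from a user profile is worth confirming against a known installer.
            notes.append(f"{ar.group(1)} autostart from user profile: {ar.group(2)}")
    return notes


if __name__ == "__main__":
    for note in triage(SAMPLE_DDS):
        print(note)
```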
     
  3. astar78

    astar78 TS Rookie Topic Starter

    First off, thank you so much for answering back. I appreciate your help. Yes, my bank account and paypal are linked, but I went into my bank and cancelled all my cards associated with paypal. They told me not to use that bank account until this was resolved with paypal and they return the $. Meanwhile, I have a paypal debit card and received another payment from someone and wanted to take the money out of there right away as I felt that it was an unsafe place to have $ considering what had just happened.

    I searched the computer for the Attach.txt file and nothing came up so I ran the DDS again but the Attach.txt file still doesn't come up. I am not sure what the problem is.

    I downloaded the Norton Removal Tool and just used it, thank you :)

    I don't see Uniblue listed in programs so therefore am not sure how to go about deleting it. It was a registry program that was recommended by the windows site because I was having problems connecting to the internet a few days ago and they said that I needed to download, install and run that program. I installed it and then uninstalled it right away when I saw that it would only let you see the bad files and not delete or fix them unless you have a paid account.

    The people at paypal said that they think I must have had an attack on my computer and that they must have access to all of my accounts. I logged in from another computer and changed all of my passwords and will not access them from this computer again until it's fixed.



    Here are my Eset NOD32 Online AntiVirus scan results.

    C:\Users\Angela Star\Desktop\New Folder (2)\Maxprog.eMail.Verifier.v3.5.1.Multilingual.WinALL.Incl.Keygen-BRD\Maxprog.eMail.Verifier.v3.5.1.Multilingual.WinALL.Incl.Keygen-BRD\Maxprog.eMail.Verifier.v3.5.1.Multilingual.WinALL.Incl.Keygen-BRD\Setup\SETUP.exe Win32/Injector.ALY trojan
    C:\Users\Angela Star\Desktop\New Folder (2)\Sony ACIDpro 7.0 build 502+Keygen[H33T]\Keygen\Keygen.exe a variant of Win32/Keygen.AR application
    C:\Users\Angela Star\Desktop\program icons\MsgPlusLive-490.exe a variant of Win32/MessengerPlus application
    C:\Users\Isai\AppData\Roaming\adob\adob.exe Win32/Injector.ALY trojan

    I couldn't get the combofix to run. It started running and when it got to the part where it said scanning for infected files... it ran for a while and then a window popped up that said, "Windows Command Processor Has Stopped Working".

    What should I do next? Again, thank you so much for your help! :)
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You got malware when you pirated programs. They will have to be removed to continue support:


    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Files
      C:\Users\Angela Star\Desktop\New Folder (2)\Sony ACIDpro 7.0 build 502+Keygen[H33T]\Keygen\Keygen.exe 
      C:\Users\Angela Star\Desktop\program icons\MsgPlusLive-490.exe 
      C:\Users\Isai\AppData\Roaming\adob\adob.exe 
      C:\Users\Angela Star\Desktop\New Folder (2)\Maxprog.eMail.Verifier.v3.5.1.Multilingual.WinALL.Incl.Keygen-BRD\Maxprog.eMail.Verifier.v3.5.1.Multilingual.WinALL.Incl.Keygen-BRD\Maxprog.eMail.Verifier.v3.5.1.Multilingual.WinALL.Incl.Keygen-BRD\Setup\SETUP.exe 
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
     
  5. astar78

    astar78 TS Rookie Topic Starter

    All processes killed

    All processes killed
    ========== FILES ==========
    C:\Users\Angela Star\Desktop\New Folder (2)\Sony ACIDpro 7.0 build 502+Keygen[H33T]\Keygen\Keygen.exe moved successfully.
    C:\Users\Angela Star\Desktop\program icons\MsgPlusLive-490.exe moved successfully.
    C:\Users\Isai\AppData\Roaming\adob\adob.exe moved successfully.
    File move failed. C:\Users\Angela Star\Desktop\New Folder (2)\Maxprog.eMail.Verifier.v3.5.1.Multilingual.WinALL.Incl.Keygen-BRD\Maxprog.eMail.Verifier.v3.5.1.Multilingual.WinALL.Incl.Keygen-BRD\Maxprog.eMail.Verifier.v3.5.1.Multilingual.WinALL.Incl.Keygen-BRD\Setup\SETUP.exe scheduled to be moved on reboot.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Angela Star
    ->Temp folder emptied: 26265558 bytes
    ->Temporary Internet Files folder emptied: 895897534 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 700 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Isai
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 87440 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 127578946 bytes

    Total Files Cleaned = 1,001.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 02142011_084305

    Files moved on Reboot...
    File move failed. C:\Users\Angela Star\Desktop\New Folder (2)\Maxprog.eMail.Verifier.v3.5.1.Multilingual.WinALL.Incl.Keygen-BRD\Maxprog.eMail.Verifier.v3.5.1.Multilingual.WinALL.Incl.Keygen-BRD\Maxprog.eMail.Verifier.v3.5.1.Multilingual.WinALL.Incl.Keygen-BRD\Setup\SETUP.exe scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
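The OTM script in Bobbye's post was written by hand from the ESET result lines, and the OTM log above has to be read back to see which moves actually happened. As an added example, not part of the thread and not code from OTM or ESET, this Python builds the same `:Files` / `:Commands` script from ESET result lines and summarises an OTM log into files moved, deferred to reboot, and not found. Both sample inputs are constructed from the line shapes posted above, with the long paths shortened.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: ESET online-scanner result lines in the shape posted above
# (paths shortened; detection names as reported in the thread).
ESET_RESULTS = [
    r"C:\Users\Angela Star\Desktop\New Folder (2)\Setup\SETUP.exe Win32/Injector.ALY trojan",
    r"C:\Users\Angela Star\Desktop\program icons\MsgPlusLive-490.exe a variant of Win32/MessengerPlus application",
    r"C:\Users\Isai\AppData\Roaming\adob\adob.exe Win32/Injector.ALY trojan",
    r"C:\Users\Isai\AppData\Roaming\adob\adob.exe Win32/Injector.ALY trojan",  # duplicate on purpose
]

# Constructed sample: OTM result log in the shape posted above.
OTM_LOG = r"""
All processes killed
========== FILES ==========
C:\Users\Isai\AppData\Roaming\adob\adob.exe moved successfully.
File move failed. C:\Users\Angela Star\Desktop\New Folder (2)\Setup\SETUP.exe scheduled to be moved on reboot.
File/Folder C:\Users\Angela Star\Desktop\program icons\MsgPlusLive-490.exe not found.
========== COMMANDS ==========
->Temp folder emptied: 26265558 bytes
->Temporary Internet Files folder emptied: 895897534 bytes
->Flash cache emptied: 700 bytes
RecycleBin emptied: 127578946 bytes
"""

# An ESET result line is "<path> <detection>"; paths contain spaces, so the split is
# anchored on the detection, which ends in "<family>/<name> <kind>" with an optional
# "a variant of" / "probably a variant of" prefix.
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<detection>(?:(?:probably )?a variant of )?\S+/\S+ \S+)$"
)
OTM_MOVE_RE = re.compile(
    r"^(?:(?P<moved>.+) moved successfully\."
    r"|File move failed\. (?P<deferred>.+) scheduled to be moved on reboot\."
    r"|File/Folder (?P<not_found>.+) not found\.)$"
)
OTM_BYTES_RE = re.compile(r"(?:emptied|removed): (\d+) bytes$")
# The :Commands block used in the thread's script.
OTM_COMMANDS = ["[purity]", "[emptytemp]", "[start explorer]", "[Reboot]"]


def parse_eset_line(line: str) -> Optional[Dict[str, str]]:
    """Split one ESET result line into path and detection, or None if it does not parse."""
    m = ESET_RE.match(line.strip())
    if not m:
        return None
    return {"path": m.group("path"), "detection": m.group("detection")}


def eset_to_otm_script(lines: List[str]) -> str:
    """Build an OTM ':Files' / ':Commands' script; each path once, unparsable lines skipped."""
    paths: List[str] = []
    for line in lines:
        hit = parse_eset_line(line)
        if hit and hit["path"] not in paths:
            paths.append(hit["path"])
    return "\n".join([":Files", *paths, "", ":Commands", *OTM_COMMANDS]) + "\n"


def parse_otm_log(text: str) -> dict:
    """Summarise an OTM log: moved / deferred / not-found paths and bytes of temp data emptied."""
    summary = {"moved": [], "deferred": [], "not_found": [], "bytes_cleaned": 0}
    for line in text.strip().splitlines():
        line = line.strip()
        m = OTM_MOVE_RE.match(line)
        if m:
            # lastgroup names whichever alternative matched (moved / deferred / not_found).
            summary[m.lastgroup].append(m.group(m.lastgroup))
            continue
        b = OTM_BYTES_RE.search(line)
        if b:
            summary["bytes_cleaned"] += int(b.group(1))
    return summary


def needs_followup(summary: dict) -> List[str]:
    """Paths still on disk when the log was written: confirm them after the reboot."""
    return list(summary["deferred"])


if __name__ == "__main__":
    print(eset_to_otm_script(ESET_RESULTS))
    s = parse_otm_log(OTM_LOG)
    print(f"moved={len(s['moved'])} deferred={len(s['deferred'])} "
          f"not_found={len(s['not_found'])} cleaned={s['bytes_cleaned'] / 1048576:.2f} mb")
```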
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Perhaps I didn't make myself clear> I tried to remove the files that were infected.

    You have to remove the pirated programs:
    Maxprog.eMail.Verifier.v3.5.1.Multilingual> removal of malware on this failed.
    Sony ACIDpro 7.0


    OTM: Total Files Cleaned = 1,001.00 mb. This is an enormous amount! Do you do any maintenance on the system? Delete temporary internet files and Cookies, Disc Cleanup, Defrag, Error Check?
     
  7. astar78

    astar78 TS Rookie Topic Starter

    I am so confused

    Found and deleted. I re-ran OTM. Here is the new log. Thank you for all your help. Does this mean that I should be all good now?


    All processes killed
    ========== FILES ==========
    File/Folder C:\Users\Angela Star\Desktop\New Folder (2)\Sony ACIDpro 7.0 build 502+Keygen[H33T]\Keygen\Keygen.exe not found.
    File/Folder C:\Users\Angela Star\Desktop\program icons\MsgPlusLive-490.exe not found.
    File/Folder C:\Users\Isai\AppData\Roaming\adob\adob.exe not found.
    File/Folder C:\Users\Angela Star\Desktop\New Folder (2)\Maxprog.eMail.Verifier.v3.5.1.Multilingual.WinALL.Incl.Keygen-BRD\Maxprog.eMail.Verifier.v3.5.1.Multilingual.WinALL.Incl.Keygen-BRD\Maxprog.eMail.Verifier.v3.5.1.Multilingual.WinALL.Incl.Keygen-BRD\Setup\SETUP.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Angela Star
    ->Temp folder emptied: 1239339 bytes
    ->Temporary Internet Files folder emptied: 81483003 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 1144 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Isai
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 59446 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 144173239 bytes

    Total Files Cleaned = 217.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 02142011_182814

    Files moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If this was my computer, I'd reformat/reinstall ASAP. If your system has been compromised to this extent, that's the only safe way to go. Changing just the passwords isn't enough. You do not know what other information might have been found.
    ===============================
    I'd like to run one more scan:

    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
     
  9. astar78

    astar78 TS Rookie Topic Starter

    Ck Scanner Log

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files (x86)\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler1.dll
    c:\program files (x86)\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler2.dll
    c:\program files (x86)\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler6.dll
    c:\program files (x86)\gateway games\bejeweled 2 deluxe\sounds\firecrackle.ogg
    c:\program files (x86)\image-line\hardcore\presets\i cracked my tube!.hdprg
    c:\program files (x86)\image-line\sawer\presets\ambient\mc cracked.sawer
    c:\_otm\movedfiles\02142011_084305\c_users\angela star\desktop\new folder (2)\sony acidpro 7.0 build 502+keygen[h33t]\keygen\keygen.exe
    scanner sequence 3.GL.11
    ----- EOF -----
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please go ahead and run Combofix now.
     
Topic Status:
Not open for further replies.
